- 论坛徽章:
- 0
|
环境: Sun Fire V120 安装Solaris10 启用两个网卡
eri0 接 192.168.0.254 做内网NAT主机用
eri1 接 192.168.10.2 (公司外网,光纤接入后通过路由器,接到交换机上,网段192.168.10.x ,给内网用NAT主机是外网局域网中的一台机器)
# cat /etc/hosts
#
# Internet host table
#
::1 localhost
127.0.0.1 localhost
192.168.0.254 firewall loghost
192.168.10.2 firewallout
192.168.10.1 router
# cat hostname.eri0
firewall
# cat hostname.eri1
firewallout
# cat defaultrouter
router 192.168.10.1
# cat resolv.conf
nameserver 192.168.10.1
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
eri0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
inet 192.168.0.254 netmask ffffff00 broadcast 192.168.0.255
ether 0:3:ba:35:d1:6c
eri1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
inet 192.168.10.2 netmask ffffff00 broadcast 192.168.10.255
ether 0:3:ba:35:d1:6d
# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 192.168.0.252 UG 1 1983
default 192.168.0.254 UG 1 0
192.168.0.0 192.168.0.254 U 1 1986 eri0
192.168.10.0 192.168.10.2 U 1 9 eri1
192.168.10.0 192.168.10.2 UG 1 0
224.0.0.0 192.168.0.254 U 1 0 eri0
127.0.0.1 127.0.0.1 UH 2 188 lo0
# routeadm
配置 当前 当前
选项 配置 系统状态
---------------------------------------------------------------
IPv4 路由 enabled enabled
Ipv6 路由 disabled disabled
IPv4 转发 enabled enabled
Ipv6 转发 disabled disabled
路由服务 "route:default ripng:default"
路由守护进程:
STATE FMRI
disabled svc:/network/routing/legacy-routing:ipv4
disabled svc:/network/routing/legacy-routing:ipv6
disabled svc:/network/routing/ndp:default
disabled svc:/network/routing/rdisc:default
disabled svc:/network/routing/ripng:default
online svc:/network/routing/route:default
现在的问题是:
(1) 不能通过路由器 192.168.10.1 网段上网, 使用 nslookup 可解析域名
# nslookup www.baidu.com
Server: 192.168.10.1
Address: 192.168.10.1#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 202.108.22.5
Name: www.a.shifen.com
Address: 202.108.22.43
# ping www.baidu.com
ICMP Host Unreachable from gateway firewallout (192.168.10.2)
for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)
ICMP Host Unreachable from gateway firewallout (192.168.10.2)
for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)
ICMP Host Unreachable from gateway firewallout (192.168.10.2)
for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)
ICMP Host Unreachable from gateway firewallout (192.168.10.2)
for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)
ICMP Host Unreachable from gateway firewallout (192.168.10.2)
for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)
ICMP Host Unreachable from gateway firewallout (192.168.10.2)
for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)
ICMP Host Unreachable from gateway firewallout (192.168.10.2)
for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)
ICMP Host Unreachable from gateway firewallout (192.168.10.2)
for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)
ICMP Host Unreachable from gateway firewallout (192.168.10.2)
for icmp from firewallout (192.168.10.2) to xd-22-43-a8.bta.net.cn (202.108.22.43)
no answer from www.baidu.com
(2) 如何设置 NAT 使内网(192.168.0.X) 的客户端能上网?
请高手协助解决,不胜感激. |
|
免费注册
发表于 2009-04-08 12:53
发表于 2009-04-08 23:32